lib/contrast/agent/protect/rule/sqli.rb in contrast-agent-6.1.0 vs lib/contrast/agent/protect/rule/sqli.rb in contrast-agent-6.1.1
- old
+ new
@@ -29,10 +29,24 @@
XML_VALUE, DWR_VALUE
].cs__freeze
NAME = 'sql-injection'
BLOCK_MESSAGE = 'SQLi rule triggered. Response blocked.'
+ class << self
+ # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+ # @return [Hash] the details for this specific rule
+ def extract_details attack_sample
+ {
+ start: attack_sample.sqli.start_idx,
+ end: attack_sample.sqli.end_idx,
+ boundaryOverrunIndex: attack_sample.sqli.boundary_overrun_idx,
+ inputBoundaryIndex: attack_sample.sqli.input_boundary_idx,
+ query: attack_sample.sqli.query
+ }
+ end
+ end
+
def rule_name
NAME
end
def block_message
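Review bot: `query: attack_sample.sqli.query` in `extract_details` copies the full SQL text into the details hash, and nothing in this hunk shows whether literal values in that query (credentials, personal data) are masked before the hash is reported or logged. I would add a comment above the method such as `# NOTE: :query carries the raw SQL text; mask or truncate it before reporting` and confirm that the consumer actually does so. The method also dereferences `attack_sample.sqli` five times with no nil guard, so a sample without SQLi details would presumably raise NoMethodError. Reading it once with `sqli = attack_sample.sqli` and deciding explicitly what to return when it is nil would make that case visible.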
@@ -45,32 +59,11 @@
result = find_attacker(context, query_string, database: database)
return unless result
append_to_activity(context, result)
- cef_logging result, :successful_attack, query_string
- raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
- end
-
- private
-
- def find_attacker context, potential_attack_string, **kwargs
- ia_results = gather_ia_results(context)
- find_attacker_with_results(context, potential_attack_string, ia_results, **kwargs)
- end
-
- def infilter? context
- return false unless context&.agent_input_analysis&.results
- return false unless enabled?
- return false if protect_excluded_by_code?
-
- true
- end
-
- def gather_ia_results context
- context.agent_input_analysis.results.select do |ia_result|
- ia_result.rule_id == rule_name
- end
+ cef_logging(result, :successful_attack, query_string)
+ raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE)) if blocked?
end
end
end
end
end
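Review bot: `find_attacker` is still called on the first line of this hunk, but its private definition is removed here together with `infilter?` and `gather_ia_results`, and their replacement is not visible in this diff. Presumably they moved to a shared parent or mixin. If so, it is worth confirming that the relocated `infilter?` still applies the `enabled?` and `protect_excluded_by_code?` checks and that the helpers stay private, since a difference there would silently change when this rule blocks. Once confirmed, a short comment near the call such as `# find_attacker is provided by the shared protect rule code` would save readers the search. The enclosing method starts outside the hunk.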